Welcome back to the Salesforce Admin Certification workshop on Day 2. in this session/post we will cover Customization and Configuration in Salesforce which covers 20% of Salesforce Admin Certification. The following are the main topics which cover in this section.
- Company Setup
- User Setup
- Security Setup
- UI Setup
- Custom Profile and Permission Sets
Company Setup
Company Information Shows all the essential information related to the company. You can also manage your licenses and entitlements. This page contains the information provided when your company signed up with Salesforce.
Fiscal Year
- Standard fiscal year
- Custom fiscal year (once enabled, can not be disabled)
- Used in forecast reports
Business Hours:
- Define the working hours for the support team.
- If the organization does not work daily, put blank hours for it.
Holiday
Holidays define a date and time on which businesses are suspended. A recurring holiday can be set. If we set a regular holiday for each month, the holiday will not be created if that date does not occur. Holidays can be assigned within business hours. We can associate 1000 holidays with each set of business hours.
User Setup
User Creation
- Human vs non-human user
- A license is required for user creation. (1 License = 1 User)
- We need to define the profile and role of the user.
- One user can have only one role and one profile.
- The user can not be deleted.
- Ten users can be created using the add multiple user button. No matter if we have more licenses available.
Login History
- A place to see all the login attempts of the user.
- If a user complains about not being able to log in, login history is 1st place to check if a user is an active user.
User Deactivate/Freeze
Sometimes if we do not want a user to login into Salesforce we can deactivate or freeze the user. In both, the user will not be able to log in.
- Freeze users only disable the user from logging in.
- Deactivation of the user will release the license, and we can use that license to create another user.
- Sometimes, we can not deactivate a user, eg.
- Default owner of leads
- Default or automated case owner
- Default lead creator or owner
- Default workflow user
- Recipient of workflow email alert
- A user selected in custom hierarchy field
Security Setup
Choosing the data set each user or group of users can see is one of the key decisions that affect the security of your Salesforce org or app. Once you’ve designed and implemented your data model, think about the kinds of things your users are doing and the data they need to do it. Here is a list of all the options with which we can control the security in Salesforce.
- Profile
- Object permission
- Field Permission
- Tab visibility
- Login Hours
- Login IP Ranges
- Permission Set
- Public Group
- Roles
Profile
Profile: It is a collection of settings and permissions that a user can do in Salesforce. The following type of permission can be managed under the profile.
- APP Permission:
- Tab visibility:
- Default on
- Default off
- Tab hidden
- Object permission: Which object can a user see and what action can be performed?
- Field Permission: Which fields can the user see/edit after accessing that object?
- Login Hours: We can set the hours when a user can log into Salesforce.org.
- Login IP Ranges:
- We can set the allowed IP’s from which login is allowed.
- Login from any other IP’s will not be allowed.
- Do not set this for System admin profile.
- We can set a range of IP’s.
- System permission:
- Export Report
- View All Data
- Modify All Data
- Transfer Case/Leads
- Password Never Expires
Password Policies: We can specify the company’s password requirement.
- Can be set at the organisation level or profile level.
- Profile level password policy overrides the org-wide password policy.
Profile vs Permission Set
Permission Set: Permission set extends the user’s access without making changes to the profile
Profile | Permission Set |
We can restrict user access from here. | Multiple permission sets can be assigned to the user. |
Login Hours/Login IP ranges can be managed | It is always used for extending the access. |
Record Type(default)/Page Layout can be assigned | Record Type(Default)/Page layout can not be assigned. |
Login Hours/Login IP ranges can’t be managed | Login Hours/Login Ip Ranges can’t be managed |
Password Policies can be set | Password Policies can’t be set |
Record level Security
Organization-Wide Default
- Used when we want to restrict the record-level access of any object
- We can set different org wides for different object.
- We have following options to set.
- Private (By default record will be visible to owner only)
- Public read only (record will be visible to all users with read only access)
- Public read/write
- Public read/write/transfer (Lead/Case)
- Controlled by parent
- If an object is on detail side of master detail relationship, it’s org wide will be controlled by parent.
- We use it to restrict the access. Serval other options are available to open up access.
Role Hierarchy
- User can edit, view and report on data owned by him or any user below them in the role hierarchy.
- User can edit, view and report on data shared with them or any user below him in role hierarchy.
- Grant Access Using Hierarchies can only be disabled for custom objects only.
- It can not restrict the access given by Org-wide default.
Sharing Rule
- Sharing rule can be used to share record with public group, role (not falling in role hierarchy.
- It can not restrict the access given by Org wide default.
- We can select the records to be shared by owner of records or criteria.
- 300 Sharing rule can be defined for each object.
- 50 Criteria based sharing rule can be set. (falls under 300)
Manual Sharing
- Record can manually be shared with user, by clicking Share button on record detail page.
- User should be 1 of following to provide manual sharing.
- Record Owner
- Having record full access
View All Data
- This can be set at the profile level.
- Users having this access will be able to see all the records.
Modify All Data
- This can be set at the profile level.
- Users having this access will be able to edit all the records.
UI Setup
List View:
- To frequently see the filtered data on object tab.
- Sharing of list view can be managed
Global Action
- Global action are used to perform some predefined action without leaving the current screen where user are currently working.
- Action like create record, updating record, send email can be performed
Customization and Configuration in Salesforce Video
Twist Your Mind
- What happens to records owned by a user when a user is deactivated?
- Apex Hour uses Salesforce and wants to onboard five new users, who should have almost the same access in Salesforce apart from 1 user who needs edit access on account in addition to all the access the other four users have. As a system admin, how will you achieve this?
These sessions are awesome and very detail.
“Twist Your Mind” is good.
Will you be posting answers for these?
Also please start the similar one for Developer also.
Thanks..
We are expecting you to post the answers in comments
Customization and Configuration in Salesforce was very informative session Thank you
Glad you like the session. I hope this post will help you to clear you ADM 201 exam
I am going to do Salesforce admin exam any voucher or help
Permission set
All the best for your ADM 201 EXAM
Means?
1. Even if we deactivate user, there won’t be any change in the records.
2. Permission set best suits for the requirement.
If we deactivate user, there won’t be any change in the record
Create a Permission set for that one Single user to access the account while it can be avoided for other users to assign
Thanks for insightful session with detailed explanation which covers all basic sections
1) If we deactivated user, there will no change in records until user ownership transfer.. If user left organization, It will affected, ideally we transfer default Ownership for object Leads, Opportunity etc. to avoid further issues, Their manager can access records based on their access.
2) Permission set can give additional access to user.
Very useful and informative.Thanks for sharing the knowledge at free of cost.
To answer the twist your mind questions,
1. Role Hierarchy can explain this issue. If the user is deactivated, anyone above that user in the Role Hierarchy will still have access. Then, they can reassign these records to a new user by Mass Transfer.
2. I think it’s testing the Profile and Permission Set. In this case, you can add all multiple users under the same Profile. For the particular 1 User, you want to assign the Edit permission, add Assignment, and select the checkboxes next to the name you want to assign to the permission set.
Thanks for the helpful workshop!
All the best
NO change in the records on deactivating the user .
. Permission set will be the best option .(going by least access method)
Good going
Configuration and Setup | Salesforce Admin Certification Workshop DAY 2.
nice session and information shared through both medium.. YouTube and website.. great work .
Thanks
Finish watching the video and the first session is complete.
All the best for all other sessions
Session completed!
I have completed the session. It was a very detailed one and easy to understand. Thanks for the session.
I hope this FREE Training will help you
Hi Amit,
Thank you very much for “FREE Salesforce Admin Certification Training”. I completed “Day 2: Configuration and Setup” Session. It is really very helpful for new members who are willing to build their career in Salesforce like me. I am preparing for the Salesforce Admin certification exam under your guidance from Apexhours blog and YouTube channel.
I have completed this session.
What happened to records owned by a user, when a user is deactivated?
Records will be available within the org and can be transfer to other users and then the assigned user will be the new owner of the records.
Apex Hour uses Salesforce and want to onboard 5 new users, which should have the almost same access in Salesforce apart from 1 user who needs edit access on account in addition to all the access the other 4 users have. As a system admin, how will you achieve this?
One profile with read access can we assigned to all users and then a permission set with edit access can be assigned to that one dedicated user.
I have completed “FREE Salesforce Admin Certification Training”. “Day 2: Configuration and Setup” Session. It was a very nicely explained & detailed session for us,who are just newbie into the salseforce ecosystem. Thanks ApexHours for such an informative session
Glad session was helpful for you
I have completed this session.
Thank you!
Just finished watching this session. Thank you @Amit.
I finished watching this session and the second step is complete.
Thank you Sir @Amit
I have completed this session, thanks for bringing up this course!
Hi, I don’t see the PPT presentation on this page. Is it available for download/viewing?
Thanks!
We posted the PPT content in Blog post
Apexhours is really useful for novice SF person like for me. Now I am confident enough to take up the admin certification.
Thanks a lot.
All the best for your exam